linter: Add checks for sloppy use of .html().

Since jQuery's .html() can be a source of security bugs, we add a new
lint rule that tries to catch common problematic uses.
Tim Abbott
2018-03-22 14:04:24 -07:00
parent 5f0f492205
commit feef35bf25
3 changed files with 7 additions and 2 deletions


@@ -69,7 +69,7 @@ exports.show_sub_settings = function (sub) {
var $settings = $(".subscription_settings[data-stream-id='" + sub.stream_id + "']");
if ($settings.find(".email-address").val().length === 0) {
// Rerender stream email address, if not.
$settings.find(".email-address").html(sub.email_address);
$settings.find(".email-address").text(sub.email_address);
$settings.find(".stream-email-box").show();
}
$settings.find(".regular_subscription_settings").addClass('in');
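Review bot: The guard just above the changed call reads `.val()` while the new line writes with `.text()`, so the check and the write look at different things. On a non-form element jQuery's `.val()` is always the empty string, so the address is re-rendered on every call; on an `<input>`, `.text()` would not set the displayed value. If `.email-address` is a plain element (the template is not visible here), `if ($settings.find(".email-address").text().length === 0) {` would make the guard match the write. The comment `// Rerender stream email address, if not.` is also unclear and could read `// Render the stream email address if it has not been rendered yet.` The body of `show_sub_settings` starts and ends outside the hunk.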